[kpsingh:static_calls] [security] 9e15595ed0: Kernel_panic-not_syncing:lsm_static_call_init-Ran_out_of_static_slots

KP Singh kpsingh at kernel.org
Mon Apr 15 21:39:08 UTC 2024



> On 15 Apr 2024, at 22:54, Casey Schaufler <casey at schaufler-ca.com> wrote:
> 
> On 4/15/2024 1:42 PM, KP Singh wrote:
>> 
>>> On 15 Apr 2024, at 17:47, KP Singh <kpsingh at kernel.org> wrote:
>>> 
>>> 
>> [...]
>> 
>>>> <penguin-kernel at i-love.sakura.ne.jp> wrote:
>>>>> On 2024/04/15 17:26, KP Singh wrote:
>>>>>> This seems like an odd config which does not enable STATIC_CALL, I am going to
>>>>>> make CONFIG_SECURITY depend on CONFIG_STATIC_CALL and make the dependency explicit.
>>>>> If CONFIG_SECURITY depends on CONFIG_STATIC_CALL, architectures which do not
>>>>> support CONFIG_STATIC_CALL can no longer use LSM ? That sounds a bad dependency.
>>>> Agreed.  If the arch doesn't support static calls we need a fallback
>>>> solution for the LSM that is no worse than what we have now, and
>>>> preferably would still solve the issue of the BPF hooks active even
>>>> where this is no BPF program attached.
>>> Actually I take it back, when CONFIG_STATIC_CALL is not available, the implementation falls back to an indirect call. This crash is unrelated, I will debug further and post back.
>> Apparently, when I smoke tested, I had CONFIG_IMA disabled so did not hit the bug. Well, now IMA is an LSM, so the following fixes it:
> 
> You'll want CONFIG_EVM as well, I bet.

Indeed, thanks Casey!





More information about the Linux-security-module-archive mailing list